fix: re-add ruleset and fix up snippet

* re-add ruleset

* snippet fixes

* snippet fixes

Author: nlsandler

examples/data-sources/cloudflare_ruleset/data-source.tf

@@ -0,0 +1,5 @@
+data "cloudflare_ruleset" "example_ruleset" {
+  ruleset_id = "2f2feab2026849078ba485f918791bdc"
+  account_id = "account_id"
+  zone_id = "zone_id"
+}

examples/data-sources/cloudflare_rulesets/data-source.tf

@@ -0,0 +1,4 @@
+data "cloudflare_rulesets" "example_rulesets" {
+  account_id = "account_id"
+  zone_id = "zone_id"
+}

examples/resources/cloudflare_ruleset/import.sh

@@ -0,0 +1 @@
+$ terraform import cloudflare_ruleset.example '<{accounts|zones}/{account_id|zone_id}>/<ruleset_id>'

examples/resources/cloudflare_ruleset/resource.tf

@@ -0,0 +1,43 @@
+resource "cloudflare_ruleset" "example_ruleset" {
+  kind = "root"
+  name = "My ruleset"
+  phase = "http_request_firewall_custom"
+  zone_id = "zone_id"
+  description = "My ruleset to execute managed rulesets"
+  rules = [{
+    action = "block"
+    action_parameters = {
+      response = {
+        content = <<EOT
+        {
+          "success": false,
+          "error": "you have been blocked"
+        }
+        EOT
+        content_type = "application/json"
+        status_code = 400
+      }
+    }
+    description = "Block when the IP address is not 1.1.1.1"
+    enabled = true
+    exposed_credential_check = {
+      password_expression = "url_decode(http.request.body.form[\\\"password\\\"][0])"
+      username_expression = "url_decode(http.request.body.form[\\\"username\\\"][0])"
+    }
+    expression = "ip.src ne 1.1.1.1"
+    logging = {
+      enabled = true
+    }
+    ratelimit = {
+      characteristics = ["ip.src"]
+      period = 60
+      counting_expression = "http.request.body.raw eq \"abcd\""
+      mitigation_timeout = 600
+      requests_per_period = 1000
+      requests_to_origin = true
+      score_per_period = 400
+      score_response_header_name = "my-score"
+    }
+    ref = "my_ref"
+  }]
+}

internal/provider.go

@@ -7,9 +7,10 @@ import (
 	"fmt"
 	"os"
 	"regexp"
-	"github.com/cloudflare/terraform-provider-cloudflare/internal/consts"
+
 	"github.com/cloudflare/cloudflare-go/v5"
 	"github.com/cloudflare/cloudflare-go/v5/option"
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/consts"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/access_rule"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/account"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/account_api_token_permission_groups"
@@ -126,6 +127,7 @@ import (
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/regional_tiered_cache"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/registrar_domain"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/resource_group"
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/ruleset"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/schema_validation_operation_settings"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/schema_validation_schemas"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/schema_validation_settings"
@@ -218,9 +220,9 @@ import (
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/zone_hold"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/zone_lockdown"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/zone_setting"
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/zone_subscription"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/utils"
 	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
-	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/zone_subscription"
 	"github.com/hashicorp/terraform-plugin-framework/datasource"
 	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/provider"
@@ -468,6 +470,7 @@ func (p *CloudflareProvider) Resources(ctx context.Context) []func() resource.Re
 		api_shield_schema.NewResource,
 		managed_transforms.NewResource,
 		page_shield_policy.NewResource,
+		ruleset.NewResource,
 		url_normalization_settings.NewResource,
 		spectrum_application.NewResource,
 		regional_hostname.NewResource,
@@ -723,6 +726,8 @@ func (p *CloudflareProvider) DataSources(ctx context.Context) []func() datasourc
 		page_shield_scripts.NewPageShieldScriptsListDataSource,
 		page_shield_cookies.NewPageShieldCookiesDataSource,
 		page_shield_cookies.NewPageShieldCookiesListDataSource,
+		ruleset.NewRulesetDataSource,
+		ruleset.NewRulesetsDataSource,
 		url_normalization_settings.NewURLNormalizationSettingsDataSource,
 		spectrum_application.NewSpectrumApplicationDataSource,
 		spectrum_application.NewSpectrumApplicationsDataSource,

internal/services/ruleset/data_source.go

@@ -0,0 +1,88 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package ruleset
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/cloudflare/cloudflare-go/v5"
+	"github.com/cloudflare/cloudflare-go/v5/option"
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/apijson"
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/logging"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+)
+
+type RulesetDataSource struct {
+	client *cloudflare.Client
+}
+
+var _ datasource.DataSourceWithConfigure = (*RulesetDataSource)(nil)
+
+func NewRulesetDataSource() datasource.DataSource {
+	return &RulesetDataSource{}
+}
+
+func (d *RulesetDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_ruleset"
+}
+
+func (d *RulesetDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*cloudflare.Client)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"unexpected resource configure type",
+			fmt.Sprintf("Expected *cloudflare.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.client = client
+}
+
+func (d *RulesetDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data *RulesetDataSourceModel
+
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	params, diags := data.toReadParams(ctx)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	res := new(http.Response)
+	env := RulesetResultDataSourceEnvelope{*data}
+	_, err := d.client.Rulesets.Get(
+		ctx,
+		data.RulesetID.ValueString(),
+		params,
+		option.WithResponseBodyInto(&res),
+		option.WithMiddleware(logging.Middleware(ctx)),
+	)
+	if err != nil {
+		resp.Diagnostics.AddError("failed to make http request", err.Error())
+		return
+	}
+	bytes, _ := io.ReadAll(res.Body)
+	err = apijson.UnmarshalComputed(bytes, &env)
+	if err != nil {
+		resp.Diagnostics.AddError("failed to deserialize http request", err.Error())
+		return
+	}
+	data = &env.Result
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}